Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed on 
May 26, 2006. 

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed on May 26, 2006, Claims 57, 58, 63, 64, 72, 73, 81, 82 and 
90-95 were pending in the Application. In the Office Action, Claims 57, 63, 72 and 81 were 
provisionally rejected under 35 U.S.C. §101 as claiming the same invention as that of claims 1, 11 
and 21 of co-pending Application No. 11/171,104. Claims 57, 63, 72, and 81 were further rejected 
under 35 U.S.C. §103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, 
hereinafter Brownlie) in view of Gai et al. (U.S. Patent No. 6,167,445, hereinafter Gai). Claims 58, 
64, 73 and 82 were rejected under 35 U.S.C. §103(a) as being unpatentable over the modified 
Brownlie and Gai system further in view of Luckenbaugh (U.S. Patent No. 5,991,877). Claims 91, 
93 and 95 were rejected under 35 U.S.C. §103(a) as being unpatentable over the modified 
Brownlie, Gai and Luckenbaugh system as applied to claims 90, 92 and 94, and further in view of 
Balassanian (U.S. Patent No. 6,324,685). 

II. Summary of Applicant's Amendment 

The present Response amends Claims 57, 58, 63, 64, 72, 73, 81 and 82, leaving for the 
Examiner's present consideration Claims 57, 58, 63, 64, 72, 73, 81, 82 and 90-95. Reconsideration 
of the Application and of the claims is respectfully requested. 

III. 35 U.S.C. §101 Double Patenting 

In the Office Action mailed May 26, 2006, Claims 57, 63, 72 and 81 were provisionally 
rejected under 35 U.S.C. §101 as claiming the same invention as that of claims 1, 11 and 21 of 
co-pending Application No. 11/171,104. The present Response hereby amends Claims 57, 63, 72 and 
81. Applicant respectfully submits that, as amended, Claims 57, 63, 72 and 81 do not claim the 
same invention as Claims 1, 11 and 21 of co-pending Application 11/171,104 and reconsideration 
thereof is respectfully requested. 

IV. Rejections Under 35 U.S.C. §103(a) 

In the Office Action mailed May 26, 2006, Claims 57, 63, 72, and 81 were rejected under 
35 U.S.C. §103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, 
hereinafter Brownlie) in view of Gai et al. (U.S. Patent No. 6,167,445, hereinafter Gai). Claims 58, 
64, 73 and 82 were rejected under 35 U.S.C. §103(a) as being unpatentable over the modified 
Brownlie and Gai system further in view of Luckenbaugh (U.S. Patent No. 5,991,877). Claims 91, 
93 and 95 were rejected under 35 U.S.C. §103(a) as being unpatentable over the modified 
Brownlie, Gai and Luckenbaugh system as applied to claims 90, 92 and 94, and further in view of 
Balassanian (U.S. Patent No. 6,324,685). 

Claim 57 

Claim 57 has been amended to more clearly define the embodiment therein. As amended, 
Claim 57 now defines: 

57. A system for maintaining security in a distributed computing environment 
comprising: 

a policy manager located on a server for creating a local security policy and 
for distributing the local security policy to a client wherein the local security policy 
includes a plurality of rules customized to the client, said plurality of rules including 
a set of grant rules that allow access to securable components and a set of deny 
rules that prevent access to said securable components; and 

an application guard located at the client for managing access by individual 
transactions to securable components at a client level as specified by the local 
security policy, the securable components including at least one application; 

wherein the policy manager receives a global security policy that includes 
a plurality of rules for regulating access to said securable components and wherein 
the policy manager customizes the local security policy by selecting a subset of 
rules from the global security policy that are applicable to the application guard and 
distributes the subset to the application guard; and 

wherein the application guard receives an authorization request including a 
subject, an object and a privilege and evaluates said request by matching the 
subset of rules received from the policy manager to said subject, said object and 
said privilege in order to control access to said securable components. 

As amended, Claim 57 defines a policy manager located on a server for creating a local 
security policy and distributing the local security policy to a client. The local security policy includes 
a plurality of rules including grant rules for allowing access to securable components (e.g. 
applications) and deny rules for preventing access to such components. The local security is 
created by receiving a global security policy and selecting a subset of rules from the global policy 
that are applicable to the application guard. The application guard then controls access to 
securable components by receiving authorization requests and evaluating them against the local 
security policy (subset of rules). Such an authorization request includes a subject, an object and 
a privilege and the application guard matches them to the subset of rules that it has received in 
order to control access to the securable components. 
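
The arrangement recited in Claim 57 can be sketched as follows. This is an added illustration, not part of the Application or of this Response. The rule fields, the "app/resource" object naming, the "*" wildcard, deny-over-grant precedence and default deny are assumptions made for the sketch; the claim does not specify them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    effect: str      # "grant" or "deny"
    subject: str     # user or role; "*" matches any subject (assumed wildcard)
    obj: str         # securable component, named "app/resource" (assumed scheme)
    privilege: str   # e.g. "read", "update"

# Constructed global security policy covering two applications.
GLOBAL_POLICY = [
    Rule("grant", "clerk", "payroll/report", "read"),
    Rule("grant", "manager", "payroll/report", "read"),
    Rule("grant", "manager", "payroll/salary", "update"),
    Rule("deny", "contractor", "payroll/salary", "read"),
    Rule("grant", "*", "payroll/salary", "read"),
    Rule("grant", "clerk", "inventory/stock", "update"),
]

def customize(global_policy, guard_app):
    """Policy manager side: select the subset of global rules that is
    applicable to one application guard (here: rules on that app's objects)."""
    prefix = guard_app + "/"
    return [r for r in global_policy if r.obj.startswith(prefix)]

class ApplicationGuard:
    """Client side: holds only the distributed subset and evaluates requests."""

    def __init__(self, app, local_policy):
        self.app = app
        self.rules = list(local_policy)

    @staticmethod
    def _matches(rule, subject, obj, privilege):
        return (rule.subject in ("*", subject)
                and rule.obj == obj and rule.privilege == privilege)

    def authorize(self, subject, obj, privilege):
        matched = [r for r in self.rules
                   if self._matches(r, subject, obj, privilege)]
        if any(r.effect == "deny" for r in matched):
            return False  # assumed precedence: a matching deny rule wins
        # assumed default: no matching grant rule means no access
        return any(r.effect == "grant" for r in matched)

# The payroll guard receives five of the six global rules.
payroll_guard = ApplicationGuard("payroll", customize(GLOBAL_POLICY, "payroll"))
```

Because the guard evaluates only its local subset, a request for an object belonging to another application finds no matching rule at that guard and is refused under the assumed default.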

The advantage of the features in Claim 57 is the ability to distribute security policies that 
control access to the various applications, functions, etc. at the client level. Thus, a more 
sophisticated security policy is possible because the application can evaluate access privileges 
during every transaction (Specification page 10). 

Brownlie teaches a computer network security system and method having unilateral 
enforceable security policy provision. More particularly, Brownlie appears to disclose centrally 
assigned policy data such as password length rules that is unilaterally enforced at network nodes 
(Brownlie, Abstract). Gai, on the other hand, appears to teach high level quality of service policies 
and global and local scope policies (col. 18, lines 24-35). However, Applicant respectfully submits 
that Brownlie in combination with Gai fails to disclose the features of Claim 57. 

For example, Brownlie and Gai fail to disclose distributing grant and deny rules that control 
access to securable components, as defined in Claim 57. Instead, Brownlie appears to disclose 
that policy parameters are distributed to network nodes. These policy parameters include policies 
relating to password aging, password reuse, length of password, lifetime rules related to certificates 
and renewals, etc. (col. 3, lines 25-49). They do not appear to be grant and deny rules that control 
access by individual transactions to an application or other securable components, as defined in 
Claim 57. 

Furthermore, Brownlie and Gai fail to disclose an application guard that receives an 
authorization request including a subject, an object and a privilege and evaluates that request by 
matching them to the subset of the rules received via the distribution, as defined in Claim 57. 
Neither Brownlie nor Gai appears to be concerned with evaluating authorization decisions, 
nor subjects, objects or privileges, as defined in Claim 57. 

In view of the above comments, Applicant respectfully submits that Claim 57, as amended, 
is neither anticipated by, nor obvious in view of the cited references, and reconsideration thereof 
is respectfully requested. 

Claims 63, 72 and 81 

Claims 63, 72 and 81 have been amended similarly to Claim 57 to more clearly define the 
embodiments therein. Applicant respectfully submits that Claims 63, 72 and 81, as amended, are 
likewise neither anticipated by, nor obvious in view of the cited references, and reconsideration 
thereof is respectfully requested. 

Claims 58, 64, 73, 82 and 90-95 

Claims 58, 64, 73, 82 and 90-95 are not addressed separately, but it is respectfully 
submitted that these claims are allowable as depending from an allowable independent claim, and 
further in view of the comments provided above. Applicant respectfully submits that Claims 58, 64, 
73, 82 and 90-95 are similarly neither anticipated by, nor obvious in view of the cited references, 
and reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant respectfully reserves the right to argue these limitations 
should it become necessary in the future. 

V. Conclusion 

In light of the above amendments and remarks, it is respectfully submitted that all of the 
claims now pending in the subject patent application should be allowable, and reconsideration 
thereof is requested. The Examiner is respectfully requested to telephone the undersigned before 
an advisory action is issued in order to avoid any unnecessary filing of an appeal. 

The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1325 for any matter in connection with this response, including any fee 
for extension of time, which may be required. 



FLIESLER MEYER LLP 
Four Embarcadero Center, Fourth Floor 
San Francisco, California 94111-4156 
Telephone: (415) 362-3800 
Customer No. 23910 